by harrid 1063 days ago
Bad analogy. There is reasonable expectation that security related bugs will be fixed in a reasonable time. And that it won't be a premium feature. Not legally of course as it's free etc. But that's commonly how the world works.

A better analogy would be Microsoft asking for money to fix a security bug in Windows.

This, I think, is the core issue of this thread. It's totally not reasonable to expect anything from people who were kind enough to put their code on the internet for free for others to use. The requester is using the code someone gifted them to make money, and expects the other person to continue volunteering their time for free so they can make more money. Moreover, there is no actual security vulnerability here.

Most Free Software projects are not professional. Time is spent on them for personal reasons. Those reasons may not align with users of that project, but that is just too bad. If you don't like it, all you are entitled to is the source code.

> A better analogy would be Microsoft asking for money to fix a security bug in Windows.

Microsoft has the exact same practice. If you want to tell Microsoft how to spend their time, you better be prepared to fork over lots of money.

OK, then what if Firefox would only release a critical bugfix to paying users? Same thing - they would rightfully be called out on that.

Firefox is maintained by paid employees. This is not the same thing. There is no talk of making this a paid-only release anywhere. Please avoid strawmen.

That's irrelevant as they're not paid by the user.

That’s absolutely relevant because Mozilla engineers are getting paid in the end. It’s reasonable to expect to get the job done for the money. The volunteer devs are not getting paid and do their FOSS job after hours. There are no obligations whatsoever.

Windows is a paid product, FOSS is not. Plus, not only can you not fix the security bug yourself in Windows, it's also illegal. Meanwhile, if someone needs something changed in FOSS they are free to do it themselves (it wasn't even a change, just a stupid rubber stamp).

> reasonable expectation that security related bugs will be fixed in a reasonable time

Who gave you this expectation?

Heh Heh Heh. On a tangent, that seems to be what Canonical is doing with Ubuntu subscriptions these days. :/